server-setup.ts
import type { Express } from 'express';
import config from 'config';
import { Helmet } from '@hmcts/opal-frontend-common-node/helmet';
import { CSRFToken } from '@hmcts/opal-frontend-common-node/csrf-token';
import SessionStorage from '@hmcts/opal-frontend-common-node/session/session-storage';
import OpalApiProxy from '@hmcts/opal-frontend-common-node/proxy/opal-api-proxy';
import { AppInsights } from '@hmcts/opal-frontend-common-node/app-insights';
import { LaunchDarkly } from '@hmcts/opal-frontend-common-node/launch-darkly';
import {
ExpiryConfiguration,
ProxyConfiguration,
RoutesConfiguration,
SessionStorageConfiguration,
TransferServerState,
OpalUserServiceConfiguration,
} from '@hmcts/opal-frontend-common-node/interfaces';
import { DEFAULT_PROXY_CONFIG } from '@hmcts/opal-frontend-common-node/constants';
// Runtime environment name. An unset or empty NODE_ENV falls back to 'development'.
const env: string = process.env['NODE_ENV'] || 'development';
// True only for 'development'. This flag is handed to Helmet in configureSecurityHeaders,
// and `env` selects the dev frontend hostname in getRoutesConfig, so a deployment that
// forgets to set NODE_ENV runs with the development settings.
// NOTE(review): what Helmet relaxes in development mode is not visible in this file —
// confirm that every deployed environment sets NODE_ENV explicitly.
const developmentMode: boolean = 'development' === env;
/**
 * Reads the `config` values needed for session expiry, the API proxies, routing
 * and the Opal user service, and returns them as four configuration objects.
 *
 * The returned `routesConfiguration` carries the Azure AD client secret
 * (`secrets.opal.AzureADClientSecret`), so the result must stay server-side:
 * do not log it or serialise it into anything that is sent to the browser.
 *
 * @returns The session-expiry, routes, user-service and proxy configuration.
 * @throws Whatever `config.get` throws when a requested key is not defined.
 */
export function getRoutesConfig(): {
  sessionExpiryConfiguration: ExpiryConfiguration;
  routesConfiguration: RoutesConfiguration;
  opalUserServiceConfiguration: OpalUserServiceConfiguration;
  proxyConfiguration: ProxyConfiguration;
} {
  // `expiry.testMode` switches between the `expiry.test` and `expiry.default` timings.
  // NOTE(review): presumably this is false outside test environments — confirm.
  const testMode = config.get<boolean>('expiry.testMode');
  const expirySection = testMode ? 'expiry.test' : 'expiry.default';
  const expiry: ExpiryConfiguration = {
    testMode,
    expiryTimeInMilliseconds: config.get<number>(`${expirySection}.expiryTimeInMilliseconds`),
    warningThresholdInMilliseconds: config.get<number>(`${expirySection}.warningThresholdInMilliseconds`),
  };

  // Start from the shared defaults, then set the three upstream URLs from config.
  const proxy: ProxyConfiguration = {
    ...DEFAULT_PROXY_CONFIG,
    opalApiUrl: config.get('opal-api.url'),
    opalFinesServiceUrl: config.get('opal-api.opal-fines-service'),
    opalUserServiceUrl: config.get('opal-api.opal-user-service'),
  };

  // Only the exact value 'development' selects the dev hostname; anything else uses prod.
  const hostnameKey = env === 'development' ? 'frontend-hostname.dev' : 'frontend-hostname.prod';
  const routes: RoutesConfiguration = {
    frontendHostname: config.get(hostnameKey),
    prefix: config.get('session.prefix'),
    clientId: config.get('secrets.opal.AzureADClientId'),
    // Confidential credential: keep it out of logs and client-visible state.
    clientSecret: config.get('secrets.opal.AzureADClientSecret'),
    tenantId: config.get('secrets.opal.AzureADTenantId'),
    microsoftUrl: config.get('microsoft.url'),
  };

  const userService: OpalUserServiceConfiguration = {
    userStateUrl: config.get('opal-user-service-urls.userStateUrl'),
    addUserUrl: config.get('opal-user-service-urls.addUserUrl'),
    updateUserUrl: config.get('opal-user-service-urls.updateUserUrl'),
  };

  return {
    sessionExpiryConfiguration: expiry,
    routesConfiguration: routes,
    opalUserServiceConfiguration: userService,
    proxyConfiguration: proxy,
  };
}
/**
 * Mounts an `OpalApiProxy` on the Express app for each upstream URL that is set
 * in `proxyConfiguration`; an upstream with a falsy URL gets no route.
 *
 * Whether the proxied paths sit behind the session and CSRF middleware depends
 * on the order in which the caller invokes the `configure*` functions, which is
 * not visible in this file.
 *
 * @param app - Express application to mount the proxy routes on.
 * @param proxyConfiguration - Upstream URLs for the three proxied services.
 */
export function configureApiProxyRoutes(app: Express, proxyConfiguration: ProxyConfiguration): void {
  // Passed straight through to OpalApiProxy.
  // NOTE(review): presumably controls logging of client IP addresses — confirm the
  // retention and privacy handling of those logs where the flag is enabled.
  const ipLoggingEnabled = config.get<boolean>('features.ip-logging.enabled');

  // Mount path -> upstream target, in the order the routes are registered.
  const mounts = [
    { path: '/api', target: proxyConfiguration.opalApiUrl },
    { path: '/opal-fines-service', target: proxyConfiguration.opalFinesServiceUrl },
    { path: '/opal-user-service', target: proxyConfiguration.opalUserServiceUrl },
  ];

  for (const { path, target } of mounts) {
    if (!target) {
      continue;
    }
    app.use(path, OpalApiProxy(target, ipLoggingEnabled));
  }
}
/**
 * Builds the session-storage settings from `config` and enables session
 * handling on the given Express server through `SessionStorage`.
 *
 * The cookie attributes (`sameSite`, `secure`, `domain`, `maxAge`) are taken
 * as-is from config, so the per-environment config files decide how strict the
 * session cookie is.
 *
 * @param server - Express application to enable sessions on.
 * @throws Whatever `config.get` throws when a requested key is not defined.
 */
export function configureSession(server: Express): void {
  const options: SessionStorageConfiguration = {
    // Cookie secret; keep it out of logs.
    secret: config.get('secrets.opal.opal-frontend-cookie-secret'),
    prefix: config.get('session.prefix'),
    maxAge: config.get('session.maxAge'),
    sameSite: config.get('session.sameSite'),
    secure: config.get('session.secure'),
    domain: config.get('session.domain'),
    redisEnabled: config.get('features.redis.enabled'),
    // Read unconditionally, unlike the optional secrets in configureMonitoring, so this
    // key has to exist even where Redis is disabled. The value may embed credentials.
    redisConnectionString: config.get('secrets.opal.redis-connection-string'),
  };

  const storage = new SessionStorage();
  storage.enableFor(server, options);
}
/**
 * Enables CSRF protection on the given Express server through `CSRFToken`,
 * passing the CSRF secret, cookie name, `sameSite` and `secure` settings read
 * from `config`.
 *
 * @param server - Express application to enable CSRF handling on.
 * @throws Whatever `config.get` throws when a requested key is not defined.
 */
export function configureCsrf(server: Express): void {
  const csrf = new CSRFToken();
  // Argument order is fixed by enableFor: server, secret, cookie name, sameSite, secure.
  // NOTE(review): how CSRFToken uses the secret and cookie flags is not visible here —
  // confirm that `csrf.secure` is true wherever the app is served over HTTPS.
  csrf.enableFor(
    server,
    config.get('secrets.opal.opal-frontend-csrf-secret'),
    config.get('csrf.cookieName'),
    config.get('csrf.sameSite'),
    config.get('csrf.secure'),
  );
}
/**
 * Enables the shared `Helmet` wrapper on the given Express server.
 *
 * Two switches decide the outcome: the module-level `developmentMode` flag (true
 * when NODE_ENV is 'development', unset or empty) is passed to the constructor,
 * and `features.helmet.enabled` from config is passed to `enableFor`.
 * NOTE(review): the header policy itself lives in the wrapper and is not visible
 * here — confirm the flag is on and NODE_ENV is set in every deployed environment.
 *
 * @param server - Express application to apply the security headers to.
 */
export function configureSecurityHeaders(server: Express): void {
  const helmet = new Helmet(developmentMode);
  helmet.enableFor(server, config.get('features.helmet.enabled'));
}
/**
 * Enables LaunchDarkly and Application Insights from `config` and returns the
 * resulting server state.
 *
 * The LaunchDarkly client id, the App Insights connection string and the cloud
 * role name are optional: when the key is absent, `null` is passed instead.
 * NOTE(review): the name `TransferServerState` suggests the returned object is
 * handed to the browser — confirm that `enableFor` / `enable` return only values
 * that are safe to expose to clients.
 *
 * @returns LaunchDarkly and App Insights configuration, the SSO flag and the
 *   user-state cache expiry in milliseconds.
 */
export function configureMonitoring(): TransferServerState {
  // Optional keys: check presence first so a missing key yields null instead of a throw.
  const optional = <T>(key: string): T | null => (config.has(key) ? config.get<T>(key) : null);

  const launchDarklyConfig = new LaunchDarkly().enableFor(
    config.get('features.launch-darkly.enabled'),
    config.get('features.launch-darkly.stream'),
    optional('secrets.opal.launch-darkly-client-id'),
  );

  const appInsightsConfig = new AppInsights().enable(
    config.get('features.app-insights.enabled'),
    optional('secrets.opal.app-insights-connection-string'),
    optional('application-insights.cloudRoleName'),
  );

  return {
    launchDarklyConfig,
    ssoEnabled: config.get('features.sso.enabled'),
    appInsightsConfig,
    userStateCacheExpirationMilliseconds: config.get('expiry.userStateExpiryInMilliseconds'),
  };
}